Service Accounts in Portals

Overview

Service accounts are the main way that you manage end user security for your portal. A service account is an Appian user account and uses an API key or Appian account credentials to allow your end users to do the following actions in your portal:

• View queried data
• Submit data
• Upload documents
• Download documents
• View documents

To allow your end users access to these actions in your portal, add your service account to end user groups that have permissions to the data stores, record types, and document folders that are used in your portal. See Set up service account permissions for more information.

What service accounts do you need?

You can only link one service account to your portal object. If you're using both documents and external databases, use the same service account for both. If you have service accounts that are only used with web APIs to write or query data from Appian or other non-public external databases, you don't need to add them in portal object.

Creating service accounts

If you don't already have a service account in your environment, you can create a service account from scratch or create a service account when you create an API key.

To create a service account from scratch:

1. Create a new user.
2. Put the user in the Service Accounts system group.
3. Make sure to add the service account to other appropriate groups to grant permission to your portal.

Service account security

Using service accounts makes it extremely hard to unintentionally expose data or documents in a portal, which means that your data and documents stay secure.

While sharing your data and documents in portals isn't a security vulnerability, we do recommend that you only grant the service accounts' access to the data and documents that are needed for the portal. Developers should be intentional about what information is made public.

Feedback